Analysis
max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags
arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
submitted
08/01/2024, 03:42
Static task
static1
Behavioral task
behavioral1
Sample
4a588e938d447df4d0cd9b26d791a724.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
4a588e938d447df4d0cd9b26d791a724.exe
Resource
win10v2004-20231222-en
General
-
Target
4a588e938d447df4d0cd9b26d791a724.exe
-
Size
1.9MB
-
MD5
4a588e938d447df4d0cd9b26d791a724
-
SHA1
20aea6284729fd9680be5b944ab8cb9f3a4c70f2
-
SHA256
b5b9137fa9ea5cef7233830411dcc95d949b804d07203c3b834081052cd587a3
-
SHA512
6505878f8f1996df5e5f8d6d9f7d250df934d40119fac25a40095ab5cde24817aa5f67ee3e224db12603a2e60441848145abd95bcfedd774d59713309bb3cbe9
-
SSDEEP
49152:Qoa1taC070dNtPltRVS9wChgsHX8N32Jvj57zvJO7a6:Qoa1taC0klTY9lisHJ5j57zxO3
Signatures
-
Deletes itself 1 IoCs
pid | Process
2188 | 5AE1.tmp
-
Executes dropped EXE 1 IoCs
pid | Process
2188 | 5AE1.tmp
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 3512 wrote to memory of 2188 | 3512 | 4a588e938d447df4d0cd9b26d791a724.exe | 92
PID 3512 wrote to memory of 2188 | 3512 | 4a588e938d447df4d0cd9b26d791a724.exe | 92
PID 3512 wrote to memory of 2188 | 3512 | 4a588e938d447df4d0cd9b26d791a724.exe | 92
Processes
-
C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe
"C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe"
- Suspicious use of WriteProcessMemory
PID:3512
-
  C:\Users\Admin\AppData\Local\Temp\5AE1.tmp
  "C:\Users\Admin\AppData\Local\Temp\5AE1.tmp" --splashC:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe 9D8FF65A8EF46CE70B4F77BF468A322841F7A180632BDF97050705BA2DA0C0B218F203EBF73F1FDD0339A50E26D8247D230A6D34CE1405F4668755C1A67129BA
  - Deletes itself
  - Executes dropped EXE
  PID:2188
Downloads